Apple is da bomb! Vulnerability found in battery circuitry

Okay, so the title is more joke than anything else, but security researcher Charlie “Safari Charlie” Miller has discovered a vulnerability in Apple devices, sort of. The issue, which is less a bug than an over-permissive design, lets an attacker take control of a MacBook's battery controller using one of two static passwords that are the same on every battery Apple ships. Charlie has found many exploits on the OS X and iOS platforms over the past several years. One of the highest-profile was a code-execution vulnerability in the iPhone's SMS handling: under certain conditions the phone could treat the contents of an inbound text message as code and run it with high privileges.

Malware assaults and battery charges.

(Image from Apple, modified)

So what does the ability to write to a laptop's battery firmware mean? First, remember the old advice: get a virus, reinstall your OS. Well, assuming you can actually perform a clean install without ridiculous hacking (thanks, Lion), the battery controller can simply re-infect you, provided the attacker knows an exploit for your version of OS X. But how does the attacker know which version you are on? If you install from the optical disc, they only need an exploit for the Snow Leopard release on that disc. The alternative is to extract Lion from the Mac App Store and clean-install from that, which helps only if the attacker has no Lion exploit and you did not create the install media on the infected machine, where the malware could have infected it too. True, malware is about money, so it is highly unlikely an attacker would go after that narrow a slice of Mac users (already a narrow enough market to begin with), but the risk is there if for some reason you are a tempting enough target to spear-phish. Your only truly secure option is removing the battery while performing the OHHHHHHHH.
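To make the design point above concrete, here is a toy model of a battery controller's access control, written for this post as an added illustration. It is not Apple's firmware, not Charlie's code, and it speaks no real SMBus; the three access levels follow the usual smart-battery gas-gauge convention, but the key values, the `derive_per_device_keys` scheme, the `FACTORY_MASTER_SECRET` and the function names are all made up here. It shows why a password that is the same on every unit protects nothing: an attacker who dumps the keys from one battery can flash every battery, whereas with per-device keys the same attacker owns only the unit they dumped.

```python
import hashlib
import hmac

SEALED, UNSEALED, FULL_ACCESS = "sealed", "unsealed", "full_access"

# Assumed values: what they are does not matter, what matters is that they
# are identical on every unit, so one captured battery reveals them for all.
DEFAULT_UNSEAL_KEY = b"\x00\x00\x00\x01"
DEFAULT_FULL_ACCESS_KEY = b"\x00\x00\x00\x02"

# Hypothetical factory secret for the hardened variant. It never leaves the
# factory, so keys dumped from one battery say nothing about another.
FACTORY_MASTER_SECRET = b"example-factory-master-secret"


class BatteryController:
    """Minimal model: sealed -> unsealed -> full access; firmware writes are
    accepted only at full access. No real bus traffic is modelled."""

    def __init__(self, serial, unseal_key, full_access_key):
        self.serial = serial
        self._unseal_key = unseal_key
        self._full_access_key = full_access_key
        self.level = SEALED
        self.firmware = b"vendor-firmware-v1"

    def unseal(self, key):
        # Constant-time compare so the toy at least does not leak the key
        # byte by byte; the real weakness here is the shared key, not timing.
        if self.level == SEALED and hmac.compare_digest(key, self._unseal_key):
            self.level = UNSEALED
        return self.level == UNSEALED

    def grant_full_access(self, key):
        if self.level == UNSEALED and hmac.compare_digest(key, self._full_access_key):
            self.level = FULL_ACCESS
        return self.level == FULL_ACCESS

    def write_firmware(self, image):
        if self.level != FULL_ACCESS:
            raise PermissionError("firmware write requires full access")
        self.firmware = image


def derive_per_device_keys(serial):
    """Hardened variant (assumed scheme): both keys derived per unit from
    the factory secret and the serial number."""
    mac = hmac.new(FACTORY_MASTER_SECRET, serial.encode(), hashlib.sha256).digest()
    return mac[:4], mac[4:8]


def build_shared_key_battery(serial):
    """The design the post describes: every unit ships with the same keys."""
    return BatteryController(serial, DEFAULT_UNSEAL_KEY, DEFAULT_FULL_ACCESS_KEY)


def build_per_device_key_battery(serial):
    unseal_key, full_key = derive_per_device_keys(serial)
    return BatteryController(serial, unseal_key, full_key)


def flash_fleet(batteries, unseal_key, full_access_key, image=b"attacker-firmware"):
    """An attacker who learned one pair of keys tries them on every battery.
    Returns the serials whose firmware was replaced."""
    owned = []
    for battery in batteries:
        if battery.unseal(unseal_key) and battery.grant_full_access(full_access_key):
            battery.write_firmware(image)
            owned.append(battery.serial)
    return owned


if __name__ == "__main__":
    serials = ["SN0001", "SN0002", "SN0003"]  # constructed sample fleet

    shared = [build_shared_key_battery(s) for s in serials]
    print("shared keys, flashed:", flash_fleet(shared, DEFAULT_UNSEAL_KEY, DEFAULT_FULL_ACCESS_KEY))

    per_device = [build_per_device_key_battery(s) for s in serials]
    k1, k2 = derive_per_device_keys("SN0001")  # attacker dumped these from unit 1
    print("per-device keys, flashed:", flash_fleet(per_device, k1, k2))
```

The reinfection story in the paragraph above follows directly from the first run: once `write_firmware` has succeeded, the replacement image stays in the controller no matter how many times the OS on the host is reinstalled, because nothing in an OS reinstall touches it.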

You know, while working (very temporarily) on the Queen's University Solar Vehicle project I was told that lithium cells smell like sweet apples when they rupture. I have never experienced it, but if true I find it delightfully ironic.

While all of that would require knowledge of other exploits in your operating system, there is a more direct problem. If someone simply wanted to do damage to your Apple devices, they could use this flaw to break your batteries outright. Charlie bricked nine batteries in his testing but has not attempted to see whether a battery could be over-charged into exploding. While the battery controller could be forced to create the conditions for an explosion, there are other, physical, safeguards in place. Then again, batteries have exploded in the past, often producing highly entertaining YouTube videos and highly unentertaining FOX News clips.

It's not an Apple thing, per se: security is hard. Very, very hard. The worst thing to do, security-wise, is be complacent. If you think you have a quick and easy route to total security with no caveats, you are wrong.

Nah, any store of energy is a problem if it is forced to release that energy too quickly. Does Apple's non-replaceable battery make it any more inherently dangerous? Well, there is physically more battery in there, so if it does explode the effect will be bigger, but it is no more likely to explode than any other battery.

What Apple's non-replaceable battery does is prevent you from removing the infected component, meaning an attack could keep jumping from the OS to the battery and back again as you reinstall one or the other, unless you can overwrite both before it replicates. That said, unless you are (for instance) the Dalai Lama, who has to worry about the Government of China pouring probably millions of dollars into hacking him specifically, it is highly unlikely that anyone would put that much money into malware.